As computing devices become connected to various systems and networks, securing and protecting computer devices from attacks has become important to those who keep sensitive information on those computing devices or systems. Computer systems can be attacked by software-based attacks, hardware-based attacks, or a combination thereof. When software is primarily used to attack a computer device or system, the attack is generally referred to as “software hacking.” When hardware is used, or a physical manipulation of the hardware is performed, to attack the computer system, the attack is generally referred to as “hardware hacking.” More sophisticated attacks may involve both “software hacking” and “hardware hacking” of a system. When hardware attacks are made on a computer system and/or network, a computing device or module may be used to connect to the system and/or network. Such a computing device or module is generally referred to as “rogue hardware.”
These advancements in the devices and methods of attack have created challenges in detecting and securing the vulnerabilities of modern computer systems and networks. Securing a computer system and/or network may include protecting data from unauthorized copying, transferring, accessing, modifying, and/or deleting. Securing a computer system and/or network may include hardware-based configurations wherein certain types of software are prevented from running on the hardware. Securing a computer system and/or network may also include the prevention of other forms of unauthorized activity on the system and/or network. Generally, computer security places constraints on the hardware and/or software in a system so that the hardware and/or software performs the way it is configured to perform. Such constraints may help detect and prevent system vulnerability to rogue hardware. One method of providing such security is trusted computing.
In theory, trusted computing provides that a computer system will act in specific and desired ways. The computer system's behavior is enforced by hardware, software, or both. Such enforcement may be achieved by using unique “keys” or identifications of hardware, software, or both.
A Trusted Computing Module (TCM) is one example of specialized hardware. Specialized hardware can be custom-built to provide hardware-based computer security. Examples of specialized hardware include devices that incorporate a secure processor. For example, the AEGIS is a single-chip secure processor that may be used in a TCM (see Suh et al., AEGIS: A single-chip secure processor, Information Security Technical Report (2005) 10, 63-73). However, in a computing system, using only one type of TCM can lead to undesired vulnerability if that TCM is “broken.” The term “broken” or “breaking” generally refers to overcoming a computer's security. Once a particular TCM has been successfully broken, the attacker would then potentially have the ability to break other systems or devices that rely on the same type of TCM for security. Accordingly, if a system includes a TCM or a Secure Processor, it is generally not advertised that the system includes such a component. Generally this is because the knowledge that a system includes a TCM, or specialized hardware such as a Secure Processor, gives a hacker additional information that could help to defeat a security measure. Different TCMs may be used within larger systems to provide an extra layer of security against this form of vulnerability. Using multiple TCMs has the disadvantage that the system can become extremely complex and costly. To provide sufficient layers of protection, each computing module in a computer system would require multiple TCMs, each specifically designed. The cost of producing so many individually developed TCMs may not make sense if, for example, the computing system is designed to be abandoned or to be disposable. Examples of systems that are designed to be abandoned or to be disposable are missiles, drones, other military hardware/systems, and space exploration devices.
All of the above devices, systems, and methods have various disadvantages. Accordingly, improved devices, systems and methods for protecting a computer system that includes unprotected computer hardware and/or software are desirable.